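IAM policy to allow read, write, update, and delete access on a DynamoDB table
Use this policy if you need to allow your application to create, read, update, and delete data in Amazon DynamoDB tables, indexes, and streams. Substitute the AWS Region name, your account ID, and the table name or wildcard character (*) where appropriate.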
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DynamoDBIndexAndStreamAccess",
            "Effect": "Allow",
            "Action": [
                "dynamodb:GetShardIterator",
                "dynamodb:Scan",
                "dynamodb:Query",
                "dynamodb:DescribeStream",
                "dynamodb:GetRecords",
                "dynamodb:ListStreams"
            ],
            "Resource": [
                "arn:aws:dynamodb:us-west-2:123456789012:table/Books/index/*",
                "arn:aws:dynamodb:us-west-2:123456789012:table/Books/stream/*"
            ]
        },
        {
            "Sid": "DynamoDBTableAccess",
            "Effect": "Allow",
            "Action": [
                "dynamodb:BatchGetItem",
                "dynamodb:BatchWriteItem",
                "dynamodb:ConditionCheckItem",
                "dynamodb:PutItem",
                "dynamodb:DescribeTable",
                "dynamodb:DeleteItem",
                "dynamodb:GetItem",
                "dynamodb:Scan",
                "dynamodb:Query",
                "dynamodb:UpdateItem"
            ],
            "Resource": "arn:aws:dynamodb:us-west-2:123456789012:table/Books"
        },
        {
            "Sid": "DynamoDBDescribeLimitsAccess",
            "Effect": "Allow",
            "Action": "dynamodb:DescribeLimits",
            "Resource": [
                "arn:aws:dynamodb:us-west-2:123456789012:table/Books",
                "arn:aws:dynamodb:us-west-2:123456789012:table/Books/index/*"
            ]
        }
    ]
}
To expand this policy to cover all DynamoDB tables in all AWS Regions for this account, use a wildcard (*) for the Region and table name. For example:
"Resource": [
    "arn:aws:dynamodb:*:123456789012:table/*",
    "arn:aws:dynamodb:*:123456789012:table/*/index/*"
]
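The following is an added example, not part of the original page or of AWS's own tooling: a small Python check that reports which Allow statements in a policy use the wildcard expansion described above, so a reviewer can tell a single-table grant from an account-wide one. The sample policy, the "Expanded" Sid, and the function names are assumptions constructed for the demonstration.

```python
import json

# Constructed sample: the page's table statement plus its wildcard expansion
# (the "Expanded" Sid and the trimmed action lists are assumptions for the demo).
POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
  {"Sid": "DynamoDBTableAccess", "Effect": "Allow",
   "Action": ["dynamodb:GetItem", "dynamodb:PutItem"],
   "Resource": "arn:aws:dynamodb:us-west-2:123456789012:table/Books"},
  {"Sid": "Expanded", "Effect": "Allow", "Action": "dynamodb:Query",
   "Resource": ["arn:aws:dynamodb:*:123456789012:table/*",
                "arn:aws:dynamodb:*:123456789012:table/*/index/*"]}]}
""")

def as_list(value):
    """IAM allows a single string or a list for Statement/Resource fields."""
    return value if isinstance(value, list) else [value]

def wildcard_scope(arn):
    """Name the ARN parts (region, account, table) that contain a wildcard."""
    if arn == "*":
        return ["everything"]
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[2] != "dynamodb":
        return []
    region, account, segs = parts[3], parts[4], parts[5].split("/")
    table = segs[1] if segs[0] == "table" and len(segs) > 1 else ""
    checks = [("region", region), ("account", account), ("table", table)]
    # index/* or stream/* under a named table stays scoped to that table.
    return [name for name, value in checks if "*" in value]

def audit(policy):
    """Return (Sid, ARN, wildcarded parts) for each broad Allow resource."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for arn in as_list(stmt.get("Resource", [])):
            scope = wildcard_scope(arn)
            if scope:
                findings.append((stmt.get("Sid", "<no Sid>"), arn, scope))
    return findings

if __name__ == "__main__":
    for sid, arn, scope in audit(POLICY):
        print(f"{sid}: {arn} wildcards {', '.join(scope)}")
```

The check treats `index/*` and `stream/*` under a named table as scoped, so the original `Books` policy produces no findings while the expanded form is reported for both Region and table.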